Skip to content

Instantly share code, notes, and snippets.

@TJetnipat
TJetnipat / CVE-2023-24044
Last active May 27, 2024 14:29
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a HTTP "Host" request header.
Vulnerability: Host Header Injection
Product: Plesk Obsidian
Version: 18.0.49 and below
Tools:
Burp Suite
Mozilla Firefox (as a browser)